We are attempting to embed a Looker Studio dashboard (lookerstudio.google.com) onto a external app (something.something.com). The dashboard contains multiple visualizations and allows the user to navigate between them using Looker-provided navigation (i.e. the "side bar").

The Content Security Policy on the app-side is: frame-src: ["'self'", 'https://lookerstudio.google.com']

The dashboard embed itself is successful, and is able to render some (but not all) viz. The navigation between viz also works fine; users are able to freely navigate between the viz that work and those that don't.

Example of viz that isn't working:

From inspection, I see that the outer dashboard is rendered as an iframe on the app side, and the inner viz is also rendered internally as a nested iframe on the Looker side. Only the internal visualization "subframe" fails to load. The dashboard embed itself does not appear to be problematic.

The only error displayed in console is:

Refused to frame 'https://lookerstudio.google.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

[Google-internal] see also http://yaqs/6558792468358234112